fix(serialize-json): prevent json injection via malicious comments
parent
615ff12c27
commit
7bcde68b9f
|
@ -182,7 +182,10 @@ public class JsonWriter extends SerializeWriter<IOException, JsonWriter> impleme
|
|||
private void writeDeferredComment() throws IOException {
|
||||
if (!deferredComments.isEmpty()) {
|
||||
if (newline.isEmpty()) {
|
||||
out.append("/* ").append(String.join(" / ", deferredComments)).append(" */");
|
||||
out.append("/* ")
|
||||
.append(String.join(" / ", deferredComments)
|
||||
.replace("*/", "#/"))
|
||||
.append(" */");
|
||||
} else {
|
||||
boolean first = true;
|
||||
for (String s : deferredComments) {
|
||||
|
|
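Review bot: The `*/` neutralisation is applied only in the `newline.isEmpty()` branch; the `else` branch that iterates `for (String s : deferredComments)` continues outside this hunk, so it is not visible whether pretty-printed output gets equivalent treatment. If that branch emits block comments it needs the same `s.replace("*/", "#/")`, and if it emits line comments an embedded `\n` or `\r` in `s` would end the comment early and let the rest be read as JSON. Sanitising each string once, at the point where it is added to `deferredComments`, would cover both branches. A regression test that writes a comment containing `*/` in both compact and pretty modes, then checks the output parses to the same document, would pin the fix.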